Allow veth that is not attached to a bridge on unprivileged container

Signed-off-by: Fajar A. Nugraha <github@fajar.net>

src/lxc/conf.c

@@ -2979,6 +2979,7 @@ static int unpriv_assign_nic(struct lxc_netdev *netdev, pid_t pid)
 	int bytes, pipefd[2];
 	char *token, *saveptr = NULL;
 	char buffer[MAX_BUFFER_SIZE];
+	char netdev_link[IFNAMSIZ+1];
 
 	if (netdev->type != LXC_NET_VETH) {
 		ERROR("nic type %d not support for unprivileged use",
@@ -3008,7 +3009,12 @@ static int unpriv_assign_nic(struct lxc_netdev *netdev, pid_t pid)
 
 		// Call lxc-user-nic pid type bridge
 		char pidstr[20];
-		char *args[] = {LXC_USERNIC_PATH, pidstr, "veth", netdev->link, netdev->name, NULL };
+		if (netdev->link) {
+			strncpy(netdev_link, netdev->link, IFNAMSIZ);
+		} else {
+			strncpy(netdev_link, "none", IFNAMSIZ);
+		}
+		char *args[] = {LXC_USERNIC_PATH, pidstr, "veth", netdev_link, netdev->name, NULL };
 		snprintf(pidstr, 19, "%lu", (unsigned long) pid);
 		pidstr[19] = '\0';
 		execvp(args[0], args);

src/lxc/lxc_user_nic.c

@@ -187,6 +187,8 @@ static bool nic_exists(char *nic)
 	int ret;
 	struct stat sb;
 
+	if (strcmp(nic, "none") == 0)
+		return true;
 	ret = snprintf(path, MAXPATHLEN, "/sys/class/net/%s", nic);
 	if (ret < 0 || ret >= MAXPATHLEN) // should never happen!
 		return false;
@@ -250,6 +252,7 @@ static bool create_nic(char *nic, char *br, int pid, char **cnic)
 		return false;
 	}
 
+	if (strcmp(br, "none") != 0) {
 		/* copy the bridge's mtu to both ends */
 		mtu = get_mtu(br);
 		if (mtu != -1) {
@@ -265,6 +268,7 @@ static bool create_nic(char *nic, char *br, int pid, char **cnic)
 			fprintf(stderr, "Error attaching %s to %s\n", veth1buf, br);
 			goto out_del;
 		}
+	}
 
 	/* pass veth2 to target netns */
 	ret = lxc_netdev_move_by_name(veth2buf, pid, NULL);